Beware Of Skype Adware

June 24, 2014 - 2 Min. de leitura

Conteúdo

Article
Mais blogs

During our daily log analysis, we recently encountered a sample purporting to power up Skype with different emoticons. The binary, when installed, integrated itself with Skype and sent the following message contacts without further intervention.

The binary in question (SkypEmoticons.exe) can be downloaded from hxxp://skypemoticons.com/.

Home page of hxxp://skypemoticons.com/

After installation it dropped following executable files:

Most of the dropped files are Adware which may lead to some malicious activities.

Here is the VT report for SkypeEmotions.exe.

VT reports of the various dropped samples:

MD5	VT Hits
aa9af86b02f4e497eb0284872b50af41	21/54
e96f6d6257bdcb54c297569d42219e97	22/54
1d283dd3ae2312eee624e8b8c46f6adb	45/51
666ab79b63833a2a2502c119f0843b4a	22/54
364207a743ff39207667a0c89ff38768	20/53
02861acc8be1b59be2db226947a384b2	5/54
23912df27a61ea0463c5509ba6a97579	38/52
cee68ad38668785cd39e37ca069f8b85	19/54
b4eb856acc30b0005a44b87566850fb3	3/54
2830932fca42074f17c46c56b4942ac2	23/54

Contacted sites from which dropped files were downloaded:

hxxp://homebestmy.info
hxxp://superstoragemy.com
hxxp://setepicnew.info
hxxp://198.7.61.118
hxxp://54.187.76.32
hxxp://54.213.103.160

We also observed User-Agent: TixDll being used for downloading the files, which provided a handy mechanism to do some data mining and identify other domains associated with the adware. The following malicious domains were observed to be contacted via this User-Agent:

hxxp://getapplicationmy.info
hxxp://applicationgrabb.com
hxxp://appmegga.info
hxxp://downlloaddatamy.info

Other domains identified in our logs contacted by this User-Agent are not currently showing any malicious activity, but may deliver some malicious content in the future:

hxxp://appussajob.info
hxxp://dirgreatbestepicl.info
hxxp://embededstub.de.drive-files-b.com
hxxp://embededstub.download.dmccint.com
hxxp://fra-7m17-stor06.uploaded.net
hxxp://getdirfrfee.info
hxxp://getgoolld.info
hxxp://getinstaal.info
hxxp://getmeegan.info
hxxp://homebestmy.info
hxxp://setepicnew.info
hxxp://softservers.net
hxxp://superstoragemy.com
hxxp://xml.dljs.org

Use caution when installing any add-on program, especially one that is able to control a powerful communication tool such as Skype.

Obrigado por ler

Esta postagem foi útil?？

Sim, muito útil!

Na verdade, não

Aviso legal: este post no blog foi criado pela Zscaler apenas para fins informativos e é fornecido "no estado em que se encontra", sem quaisquer garantias de exatidão, integridade ou confiabilidade. A Zscaler não se responsabiliza por quaisquer erros, omissões ou por quaisquer ações tomadas com base nas informações fornecidas. Quaisquer sites ou recursos de terceiros vinculados neste post são fornecidos apenas para sua conveniência, e a Zscaler não se responsabiliza por seu conteúdo ou práticas. Todo o conteúdo está sujeito a alterações sem aviso prévio. Ao acessar este blog, você concorda com estes termos e reconhece que é de sua exclusiva responsabilidade verificar e utilizar as informações conforme apropriado para suas necessidades.